Marcotte, Tyler wrote:
Hi, You said it's a bug in 1.x. I just tried the latest code in the cvs repository (2.0 I believe) and I still get the same problem. After the PEAP failure, it sends an Access-Challenge rather than an Access- Reject.
That's completely different from what you said before.
Am I missing anything else here?
$ radiusd -X
Alan DeKok.
I had it attached to my first email. Here it is again inline though. Thanks, -Tyler Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.3.88:1812, id=223, length=185 NAS-IP-Address = 192.168.3.88 NAS-Port = 192 Cisco-NAS-Port = "FastEthernet0/6" NAS-Port-Type = Ethernet User-Name = "user1" Called-Station-Id = "00-0D-29-53-6D-46" Calling-Station-Id = "00-09-6B-7C-1F-78" Service-Type = Framed-User Framed-MTU = 1500 State = 0x45d6de6646898817fedcc83eb8325436 EAP-Message = 0x0207001d1900170301001255c450b5120aec60b77bb555c8b9e89b6026 Message-Authenticator = 0x48d3b363a7a39d3120d016ea8ee0ef55 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 17 modcall[authorize]: module "preprocess" returns ok for request 17 modcall[authorize]: module "chap" returns noop for request 17 modcall[authorize]: module "mschap" returns noop for request 17 rlm_realm: No '\' in User-Name = "user1", skipping NULL due to config. modcall[authorize]: module "ntdomain" returns noop for request 17 users: Matched entry DEFAULT at line 158 users: Matched entry DEFAULT at line 177 users: Matched entry user1 at line 223 modcall[authorize]: module "files" returns ok for request 17 rlm_eap: EAP packet type response id 7 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 17 modcall: leaving group authorize (returns updated) for request 17 rad_check_password: Found Auth-Type System rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'user1' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 17 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020700061a03 PEAP: Setting User-Name to user1 PEAP: Adding old state with 21 a6 PEAP: Sending tunneled request EAP-Message = 0x020700061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "user1" State = 0x21a6b01dca8c206387e07f1b6ed3d5e2 NAS-IP-Address = 192.168.3.88 NAS-Port = 192 Cisco-NAS-Port = "FastEthernet0/6" NAS-Port-Type = Ethernet Called-Station-Id = "00-0D-29-53-6D-46" Calling-Station-Id = "00-09-6B-7C-1F-78" Service-Type = Framed-User Framed-MTU = 1500 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 17 modcall[authorize]: module "preprocess" returns ok for request 17 modcall[authorize]: module "chap" returns noop for request 17 modcall[authorize]: module "mschap" returns noop for request 17 rlm_realm: No '\' in User-Name = "user1", skipping NULL due to config. modcall[authorize]: module "ntdomain" returns noop for request 17 users: Matched entry DEFAULT at line 158 users: Matched entry DEFAULT at line 177 users: Matched entry user1 at line 223 modcall[authorize]: module "files" returns ok for request 17 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 17 modcall: leaving group authorize (returns updated) for request 17 rad_check_password: Found Auth-Type System rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'user1' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 17 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 17 modcall: leaving group authenticate (returns ok) for request 17 Processing the session section of radiusd.conf modcall: entering group session for request 17 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'user1' modcall[session]: module "radutmp" returns ok for request 17 modcall: leaving group session (returns ok) for request 17 PEAP: Got tunneled reply RADIUS code 3 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" PEAP: Processing from tunneled session code 0x81667248 3 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 17 modcall: leaving group authenticate (returns handled) for request 17 Sending Access-Challenge of id 223 to 192.168.3.88 port 1812 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010800261900170301001b1450162d7978bb0a346febf7acf7b4182469bacd418814fa e7c575 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5e309299e4e51fb5676d6d6b3e369b85 Finished request 17 Going to the next request Waking up in 6 seconds...